Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/V1rYVkHJ4iIIHNg29wauYpELwcg.roa
File:                     V1rYVkHJ4iIIHNg29wauYpELwcg.roa (raw, json)
Hash identifier:          7R1pOTL7gS5y/fLoZFKL53bP7clTOjblHiZzRpiMJxQ=
Subject key identifier:   57:5A:D8:56:41:C9:E2:22:08:1C:D8:36:F7:06:AE:62:91:0B:C1:C8
Certificate issuer:       /CN=9be343c2fb3d6b8d23789ab4da6fcd465a690583
Certificate serial:       0194266BFE98F69988831D323AD111AFFE37
Authority key identifier: 9B:E3:43:C2:FB:3D:6B:8D:23:78:9A:B4:DA:6F:CD:46:5A:69:05:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-NDwvs9a40jeJq02m_NRlppBYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/V1rYVkHJ4iIIHNg29wauYpELwcg.roa
Signing time:             Thu 02 Jan 2025 09:49:59 +0000
ROA not before:           Thu 02 Jan 2025 09:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205600
IP address blocks:        185.236.47.0/24 maxlen: 24
                          2a10:88c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/m-NDwvs9a40jeJq02m_NRlppBYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/m-NDwvs9a40jeJq02m_NRlppBYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m-NDwvs9a40jeJq02m_NRlppBYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:fe:98:f6:99:88:83:1d:32:3a:d1:11:af:fe:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9be343c2fb3d6b8d23789ab4da6fcd465a690583
        Validity
            Not Before: Jan  2 09:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=575ad85641c9e222081cd836f706ae62910bc1c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:58:e0:32:6a:19:dd:2c:42:05:4f:33:ac:a8:
                    22:94:02:8b:35:94:f3:07:a1:ea:40:fb:68:a3:e4:
                    2a:e2:60:42:99:01:c0:7c:c9:2e:46:2d:6f:ad:bd:
                    f8:63:26:81:5f:d9:35:95:d8:e0:2b:84:d3:c6:2f:
                    bb:94:7d:98:bd:9a:cc:2d:1d:5d:78:cb:20:cf:d5:
                    23:19:99:96:dd:4e:6b:3b:eb:bf:dc:13:d7:3d:06:
                    be:d7:e0:1a:75:5e:56:da:29:f5:48:15:c4:28:29:
                    d9:d2:80:2c:48:32:00:c6:03:07:71:2c:c3:08:12:
                    8d:c5:e1:4e:ef:0d:e1:d8:4a:ae:57:cf:68:e1:ce:
                    d7:ce:2a:db:2b:0d:3f:62:d1:de:5e:13:d1:4c:83:
                    d0:34:b6:4f:1e:8b:f7:54:0a:5f:b6:33:d9:d8:11:
                    31:8d:2c:d1:fa:c4:a4:04:8f:3f:c1:ff:bb:c9:d6:
                    26:7c:bf:9f:c2:76:87:e7:41:0c:a5:26:f7:50:81:
                    39:23:0f:9e:bd:92:8b:7b:c7:89:ad:b2:d9:fc:24:
                    dc:0b:7b:37:77:73:12:14:df:71:be:19:ad:e2:f4:
                    e6:fc:f7:b4:53:7f:23:d2:6e:98:0e:f3:c9:18:7f:
                    c2:d7:55:ef:c4:f3:5a:e1:6f:83:39:0e:27:4c:45:
                    b2:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5A:D8:56:41:C9:E2:22:08:1C:D8:36:F7:06:AE:62:91:0B:C1:C8
            X509v3 Authority Key Identifier:
                keyid:9B:E3:43:C2:FB:3D:6B:8D:23:78:9A:B4:DA:6F:CD:46:5A:69:05:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-NDwvs9a40jeJq02m_NRlppBYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/V1rYVkHJ4iIIHNg29wauYpELwcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a9bd93-92bd-4bf9-b655-adcefdaa1028/1/m-NDwvs9a40jeJq02m_NRlppBYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.47.0/24
                IPv6:
                  2a10:88c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:dd:04:3b:01:32:8c:b8:e9:dc:05:4a:0d:6b:c6:8a:c3:8d:
         07:d6:94:38:71:00:d7:34:27:64:eb:11:ee:e3:4c:f5:d2:ec:
         f2:c8:eb:33:14:3b:2f:ad:76:69:43:a1:6e:13:36:2d:20:8e:
         e7:1b:dd:f9:18:09:61:8a:df:dd:f6:a1:0c:2b:ac:fb:36:eb:
         67:c0:f3:43:3e:ee:34:45:fd:7f:ca:d2:8f:12:87:5f:21:68:
         29:58:4a:b7:a8:d8:62:69:23:23:13:0a:16:12:03:c5:5b:60:
         2e:6b:79:7b:d7:af:c4:75:bf:46:8b:c3:a9:01:19:33:91:e7:
         4e:ab:9b:29:3b:46:f2:e5:2d:94:5d:df:0e:af:36:7f:c8:99:
         44:39:3a:eb:cf:c6:2b:dc:39:b1:5e:58:b2:fe:f8:b7:a4:89:
         c9:72:d0:28:f7:3f:48:8d:90:2f:fe:a6:86:de:ba:b1:a4:5d:
         d1:ef:b9:86:1a:0f:38:66:d3:8e:76:d6:82:f4:fa:f7:ca:6b:
         e0:4e:f0:c0:97:5e:0a:bf:4e:3a:4f:c0:68:7c:58:be:0a:54:
         d3:87:01:a5:cd:3b:77:73:97:50:8b:ae:7a:73:43:aa:3e:c9:
         ee:d9:c2:7a:c2:10:92:50:77:ae:21:aa:68:2a:ec:75:f3:8a:
         bd:0c:39:31
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma/6Y9pmIgx0yOtERr/43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZTM0M2MyZmIzZDZiOGQyMzc4OWFiNGRhNmZjZDQ2NWE2
OTA1ODMwHhcNMjUwMTAyMDk0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzVhZDg1NjQxYzllMjIyMDgxY2Q4MzZmNzA2YWU2MjkxMGJjMWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFjgMmoZ3SxCBU8zrKgilAKLNZTz
B6HqQPtoo+Qq4mBCmQHAfMkuRi1vrb34YyaBX9k1ldjgK4TTxi+7lH2YvZrMLR1d
eMsgz9UjGZmW3U5rO+u/3BPXPQa+1+AadV5W2in1SBXEKCnZ0oAsSDIAxgMHcSzD
CBKNxeFO7w3h2EquV89o4c7XzirbKw0/YtHeXhPRTIPQNLZPHov3VApftjPZ2BEx
jSzR+sSkBI8/wf+7ydYmfL+fwnaH50EMpSb3UIE5Iw+evZKLe8eJrbLZ/CTcC3s3
d3MSFN9xvhmt4vTm/Pe0U38j0m6YDvPJGH/C11XvxPNa4W+DOQ4nTEWyZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFda2FZByeIiCBzYNvcGrmKRC8HIMB8GA1UdIwQY
MBaAFJvjQ8L7PWuNI3iatNpvzUZaaQWDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1ORHd2czlhNDBqZUpxMDJtX05SbHBwQllNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hOWJkOTMtOTJiZC00YmY5LWI2NTUt
YWRjZWZkYWExMDI4LzEvVjFyWVZrSEo0aUlJSE5nMjl3YXVZcEVMd2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hOWJkOTMtOTJiZC00YmY5LWI2NTUtYWRjZWZkYWExMDI4
LzEvbS1ORHd2czlhNDBqZUpxMDJtX05SbHBwQllNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuewvMA0E
AgACMAcDBQMqEIjAMA0GCSqGSIb3DQEBCwUAA4IBAQA53QQ7ATKMuOncBUoNa8aK
w40H1pQ4cQDXNCdk6xHu40z10uzyyOszFDsvrXZpQ6FuEzYtII7nG935GAlhit/d
9qEMK6z7NutnwPNDPu40Rf1/ytKPEodfIWgpWEq3qNhiaSMjEwoWEgPFW2Aua3l7
16/Edb9Gi8OpARkzkedOq5spO0by5S2UXd8OrzZ/yJlEOTrrz8Yr3DmxXliy/vi3
pInJctAo9z9IjZAv/qaG3rqxpF3R77mGGg84ZtOOdtaC9Pr3ymvgTvDAl14Kv046
T8BofFi+ClTThwGlzTt3c5dQi656c0OqPsnu2cJ6whCSUHeuIapoKux184q9DDkx
-----END CERTIFICATE-----